1. Home
  2. Off-Topic & Non-Support Discussion
  3. FYI–-UDP Flood XAMPP Exploit

FYI–-UDP Flood XAMPP Exploit

  • J

    Just thought I'd pass this on in case anyone could use it…

    I'm running PFsense 2.2.1 latest, and greatest ofcourse...

    Our company moved location and we've just brought the network back online connecting the various locations using Ubiquiti equipment.
    I've downloaded and installed Squid 3, taking into account the 4 locations now using PFsense at the center of them all, being the 'gateway'

    So, after installing and configuring squid 3, I noticed the CPU usage was at 17%. I thought this was a result of squid and general usage.
    However, tonight I just happened to check our CAS servers, and noticed one of them sending over 800mbits/s of traffic. Well, we don't have that kind of link. Our internet link is a mere 7Mbits, so..what the??

    Turns out, XAMPP WEBDEV server was hacked and exploited with malicious PHP files uploaded. Apache server logs erased.

    httpd.exe was disabled, and UDP flood terminated. PFsense CPU usage went down to between 0% and 5%.

    Just goes to show what happens when you assume and take things for granted. Details attached...



    ![CAS Bandwidth.jpg](/public/imported_attachments/1/CAS Bandwidth.jpg)
    ![CAS Bandwidth.jpg_thumb](/public/imported_attachments/1/CAS Bandwidth.jpg_thumb)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy